Group IT Security Manager

Group IT Security Manager

Ageas

Brussels, Belgium

Objective of the role

The Group IT Security Manager is responsible for implementing the group's information security framework, with a focus on IT security, within Ageas's Corporate Center and facilitating its adoption across Ageas companies. This role, operating in the 1st line, focuses on determining and implementing the "how" of IT security through procedures, tools, and role definitions, working closely with the Group CISO, who defines the "what." In implementing the “how”, the focus is on developing and managing group assets to create synergies across the Group. The manager's responsibilities also include IT Security Operations and Reporting for the Corporate Center. The Group IT Security Manager reports to the Technology Development & Procurement Group Director.

Role responsbilities

The Group IT Security Manager will be responsible for the following activities at the Group level:

• Translate Information Security group policies framework (the WHAT) into operational procedures (the HOW):
  • Define a security architecture addressing the selection of technologies, required competencies, necessary process with roles & responsibilities, and governance;
  • This translation is jointly developed in alignment with Ageas companies IT Security organization, and with the support of the (Group-)CISO’s.. It is ultimately materialized by a group implementation plan involving Ageas companies for local implementation and operations.
• Facilitate the implementation and actively manage the Group Information Security assets by:
  • Driving the selection of partners for implementation and/or operations of the Group security assets;
  • Actively managing Group suppliers and challenging suppliers on service quality and level of services to ensure value/quality for money;
  • Managing the contribution of Ageas companies in Group assets development/implementation initiatives, and in operational activities linked to Group solutions & services;
  • Driving and/or supporting recurrent Ageas companies security posture assessment or testing to seek continuous improvements on IT Security defense solutions.
• Consolidate a view on Ageas companies portfolio of IT Security projects to identify potential synergies by Group initiatives for Group assets development : deliver better, faster, cheaper;
• Consolidate reporting/dashboard of Ageas companies on Cybersecurity operations delivery (Cybersecurity operational KPI’s & KRI’s) and assessment/audit outcomes in collaboration with Group-CISO, and follow-up on action plans;
• Report on major (Group) IT security incidents;
• Provide advisory services, guidance and organize knowledge sharing by and for Ageas companies on Cybersecurity improvement plans, best practices, tests & assessments & audits results;
• Lead the community of Ageas companies heads of IT Security and SME’s on Cybersecurity (Group) initiatives and sharing of practices;
• Present Group & Ageas companies cybersecurity program status reports & posture to Group Senior Management;
• Maintain an understanding of industry trends, emerging cyber threats, and new solutions which may impact the environment, and share with the community of Ageas companies CISO’s and IT Security heads of and SME’s.

In addition, the Group IT security Manager will be responsible for the following activities at the Ageas Corporate Center level:

• Leads ISO27K (re-)certification program and the required continuous improvements;
• Act as SPOC for IT security assessments of Corporate Center by 2nd and 3rd lines of defense;
• Propose and lead IT security program/projects;
• Organize, plan & (partly) execute IT Security activities;
• Participate in the Corporate Centre Information Security Office, which facilitates embedment of the Ageas Information Security Framework within the Ageas Corporate Center;
• Oversee security activities such as access control, incident management, alerting, response, forensics, and reporting;
• Validate Ageas Corporate Center projects/solution from an IT Security point of view via Business Risk Assessments;
• Align with Group CISO in charge of the Information Security 2nd level of control, on adherence to (Group) security policies.

Your profile

• Experience of minimum 10 years in Cybersecurity management roles;
• Strong analytical skills and experience in Cybersecurity Management;
• Relationship-building and influencing skills (including with senior management);
• Communication and presentation skills;
• Drive, ownership, and proactivity;
• High quality standards;
• Collaborative mindset;
• Able to take on an advisory role towards entities of the Group;
• Autonomous in organizing and prioritizing own work in line with management guidelines;
• Resilience;
• Curiosity and eagerness to learn and share;
• Excellent English oral and written communication skills.